Because many systems don't have autoregistration and might assign
passwords, or use passwords already there. In that case digest is
helpful.
--temas
On 24 May 2001 12:25:34 -0500, Dustin Puryear wrote:
> Jens Alfke wrote:
> > Assuming a non-SSL client, wouldn't this make the use of digest
> > authentication a bit "too little, too late" in many situations?
> > Any mechanism that could allow the client to securely transmit a password to the
>server in the absence of any prior shared secrets, would have to involve some sort of
>public-key crypto. This would make it nearly as complex as SSL, so why not just use
>SSL, which provides the additional benefit of encrypting the entire session including
>message contents?
> >
>
> I was getting to that. I wonder what the real point of supporting digest
> based authentication is when it can be circumvented before it's ever
> used? I suppose it could be considered a weak backup to having the
> entire stream encrypted from the beginning.
>
> Regards, Dustin
>
> --
> Dustin Puryear <[EMAIL PROTECTED]>
> http://members.telocity.com/~dpuryear
> In the beginning the Universe was created.
> This has been widely regarded as a bad move. - Douglas Adams
> _______________________________________________
> jdev mailing list
> [EMAIL PROTECTED]
> http://mailman.jabber.org/listinfo/jdev
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
